-
Notifications
You must be signed in to change notification settings - Fork 434
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Provide documentation about encrypt/decrypt settings #139
Comments
The way it works in the cli is different from how it works on azure. CLIThe CLI uses a file called On AzureThe recommended way is to store your app settings through the AppSettings on the Azure portal (or through the ARM REST API) Possible workflowsThere are few workflows that you can utilize, depending on your personal preference for managing secrets, etc. You can also start from the commandline or through Visual Studio. So if you're starting from Visual Studio for example you can have a function that looks like [FunctionName("MyQueueFunction")]
[StorageAccount("account1")]
public static async Task Run([QueueTrigger("my-queue")] string message)
{
} The runtime would expect you to have that the only remaining hole here is publishing. Ideally you should be able to publish to azure and then set all the app settings you have locally as well in one go. I'm planning to add that to the publish command in the cli itself, though publishing through other means (VS, FTP, etc) is out of scope for the CLI and would require work else where. Does that answer your questions? |
Thats a very help answer. Manually adding secrets via the portal is not ideal. This is a definite FAQ to be added to be added to the official documenration :) It seems a section in the cli deocs on differences from portal would be helpful too. |
Indeed, perhaps copy/paste this to a wiki document. |
To be honest however, one of the issues I was hoping to see addressed was the fact that the AppSettings and ConnectionStrings are visible in plain text from the portal. Indeed they're encrypted at-rest, but obviously there's still an issue there. |
They are visible in plain text because anyone who can manage the app can view the settings. If you can run code, you could just as easily write a script that prints the value of those settings. Closing this issue as the original question was answered. We're working on improved documentation on the CLI in the official docs. |
Keeping app settings and connection strings encrypted is a very desirable prospect, but I did not believe it was possible with Azure Apps or Functions. Also, the workflow for deploying settings is fairly undesirable and inefficient. Can you please describe how the encrypt feature works with the Azure Functions CLI, what problem it intends to solve, and what the envisioned developer workflow is?
The text was updated successfully, but these errors were encountered: